CVE-2018-1606

Published Nov 6, 2018

Last updated 4 days ago

CVSS medium 4.3

Overview

Description: IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667D04CD-BC8D-4CEB-B502-8D1379B7B436",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5C09499-13C3-4F91-A68D-C8FEB77B18DE",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DDB2D08-0405-4BFD-9DBE-0AD8589B18FF",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BABC587-0E98-4CE1-AD8C-4045D3CA2941",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E00B0B-14E3-4799-9FD6-63418A8086F2",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB5653C-C3DD-471B-B644-6E3128CA7401",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45C503A9-6837-4EBD-87E5-2CA76AF85B79",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A1EBFE0-1EA4-46A9-866B-3ED2E1187612",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA1F2828-9730-4474-82B4-E08AD40CBAAD",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A48EFB76-A843-46B9-8840-83DC35330DD3",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98DCDC04-6FD5-49CB-BC20-757A69C4AC0C",
            "versionEndIncluding": "6.0.1",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "909CD52D-BC7A-467F-A88B-15150C6A41ED",
            "versionEndIncluding": "5.0.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8789F641-3AFA-4262-B554-DEB4270D1DB5",
            "versionEndIncluding": "6.0.6",
            "versionStartIncluding": "6.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References